Qualys Container Security Sensor Deployment Guide
Container Security
Sensor Deployment Guide Version 1.30.0
November 1, 2023
Copyright 2018-2023 by Qualys, Inc. All Rights Reserved.
Qualys and the Qualys logo are registered trademarks of Qualys, Inc. All other trademarks are the property of their respective owners.
Qualys, Inc. 919 E Hillsdale Blvd 4th Floor Foster City, CA 94404 1 (650) 801 6100
Table of Contents
About this Guide ............................................................................................... 5
About Qualys ........................................................................................................................... 5 Qualys Support ........................................................................................................................ 5 About Container Security Documentation ........................................................................... 5
Container Security Overview ......................................................................... 6
Qualys Container Sensor ........................................................................................................ 6 Sensor Modes ........................................................................................................................... 7 What data does Container Security collect? ........................................................................ 8
Get Started ......................................................................................................... 9
Qualys Subscription and Modules required ......................................................................... 9 System support ........................................................................................................................ 9 Deploying Container Sensor ................................................................................................. 10 Installsensor.sh script command line parameters ............................................................ 13 Proxy Support ......................................................................................................................... 18 Qualys Platform (POD URL) your hosts need to access ..................................................... 19 Sensor network configuration .............................................................................................. 19 Static scanning of container images ................................................................................... 20 Log4j vulnerability scanning ................................................................................................ 20 Static log4j detection ............................................................................................................. 20 SCA scanning ......................................................................................................................... 21 Secrets Detection ................................................................................................................... 22 Malware Detection ................................................................................................................ 23 Events that lead to Docker asset scanning ......................................................................... 23 Storage Requirements for Sensor Scans ............................................................................. 24
Installing the sensor on MacOS ...................................................................26
Installing the sensor on Linux ......................................................................28
Installing the sensor on CoreOS..................................................................29
Installing the sensor from Docker Hub ..................................................... 30
Deploying the sensor on standalone docker host using docker compose ...................... 30 Deploying the sensor on standalone docker host using docker run ................................ 36 Deploying the sensor using Docker Hub on Kubernetes ................................................... 42
Installing the CI/CD Sensor in Docker-in-Docker Environment ..........54
Step 1: Have the CS Sensor image inside a Docker-in-Docker Container ....................... 54 Step 2: Launch the Container Security Sensor ................................................................... 55
Deploying sensor in Kubernetes ................................................................. 57
How to Detect the Container Runtime in your Kubernetes Cluster Environment ......... 58 Obtain the Container Sensor Image .................................................................................... 58 Deploy in Azure Kubernetes Service (AKS) ......................................................................... 61 Deploy in Kubernetes - Docker Runtime ............................................................................ 61 Deploy in Kubernetes - Containerd Runtime ..................................................................... 79 Deploy in Kubernetes - CRI-O Runtime ............................................................................... 89 Deploy in Kubernetes - OpenShift ....................................................................................... 98 Deploy in Kubernetes - OpenShift4.4+ with CRI-O Runtime .......................................... 102 Deploy in Kubernetes with TKGI - Docker Runtime ........................................................ 111 Deploy in Kubernetes with TKGI - Containerd Runtime ................................................. 122 Deploy in Kubernetes with Rancher - Docker Runtime .................................................. 134 Deploy in Google Kubernetes Engine (GKE) with multi-node clusters .......................... 140 Deploy in Kubernetes using Helm Charts ......................................................................... 142 Collection of Kubernetes Cluster Attributes ..................................................................... 148 Update the sensor deployed in Kubernetes ...................................................................... 149
Deploying sensor in Docker Swarm ......................................................... 152
Deploying sensor in AWS ECS Cluster .................................................... 156
Scan Container Images in AWS Fargate (ECS)...................................... 161
Compliance with CIS Benchmark for Docker......................................... 169
Administration............................................................................................... 174
Sensor updates ..................................................................................................................... 174 How to uninstall the sensor ............................................................................................... 174
Troubleshooting............................................................................................ 176
Check sensor logs ................................................................................................................ 176 Sensor health status ............................................................................................................ 176 Diagnostic script .................................................................................................................. 176 Sensor crashes during upgrade .......................................................................................... 177 What if sensor restarts? ...................................................................................................... 177 Duplicate Kubernetes containers ...................................................................................... 179 Get container runtime details ............................................................................................ 179
About this Guide About Qualys
About this Guide
Welcome to Qualys Container Security! We'll help you get acquainted with the Qualys solutions for securing your Container environments like Images, Containers and Docker Hosts using the Qualys Cloud Security Platform.
About Qualys
Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of cloud-based security and compliance solutions. The Qualys Cloud Platform and its integrated apps help businesses simplify security operations and lower the cost of compliance by delivering critical security intelligence on demand and automating the full spectrum of auditing, compliance and protection for IT systems and web applications. Founded in 1999, Qualys has established strategic partnerships with leading managed service providers and consulting organizations including Accenture, BT, Cognizant Technology Solutions, Deutsche Telekom, Fujitsu, HCL, HP Enterprise, IBM, Infosys, NTT, Optiv, SecureWorks, Tata Communications, Verizon and Wipro. The company is also founding member of the Cloud Security Alliance (CSA). For more information, please visit
Qualys Support
Qualys is committed to providing you with the most thorough support. Through online documentation, telephone help, and direct email support, Qualys ensures that your questions will be answered in the fastest time possible. We support you 7 days a week, 24 hours a day. Access online support information at support/.
About Container Security Documentation
This document provides information on deploying the sensor on MAC, CoreOS, and various orchestrators and cloud environments. For information on using the Container Security UI and API, refer to: Qualys Container Security User Guide Qualys Container Runtime Security User Guide Qualys Container Security API Guide Qualys Container Runtime Security API Guide For information on deploying the sensor in CI/CD environments, refer to: Qualys Container Scanning Connector for Jenkins Qualys Container Scanning Connector for Bamboo Qualys Container Scanning Connector for Azure DevOps
5
................
................
In order to avoid copyright disputes, this page is only a partial summary.
To fulfill the demand for quickly locating and searching documents.
It is intelligent file search solution for home and business.
Related searches
- security classification guide army
- security classification guide dod
- a security classification guide scg is
- blood oxygen sensor cvs
- dod security classification guide handbook
- security classification guide training
- what information do security classification guide scg
- free security study guide download
- security free study guide pdf
- security study guide 501
- security plus study guide 501
- comptia security study guide pdf